Vulnerability Details : CVE-2020-8517
An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.
Vulnerability category: Memory CorruptionInput validationDenial of service
Products affected by CVE-2020-8517
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*
Threat overview for CVE-2020-8517
Top countries where our scanners detected CVE-2020-8517
Top open port discovered on systems with this issue
3128
IPs affected by CVE-2020-8517 1,282,815
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2020-8517!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2020-8517
1.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 84 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-8517
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2020-8517
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-8517
-
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html
[security-announce] openSUSE-SU-2020:0606-1: moderate: Security update fMailing List;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20210304-0002/
February 2020 Squid Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://security.gentoo.org/glsa/202003-34
Squid: Multiple vulnerabilities (GLSA 202003-34) — Gentoo securityThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html
[security-announce] openSUSE-SU-2020:0623-1: important: Security updateMailing List;Third Party Advisory
-
http://www.squid-cache.org/Advisories/SQUID-2020_3.txt
Vendor Advisory
-
http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch
Patch;Vendor Advisory
-
https://usn.ubuntu.com/4289-1/
USN-4289-1: Squid vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html
[security-announce] openSUSE-SU-2020:0307-1: moderate: Security update fMailing List;Third Party Advisory
Jump to